automating-with-maia
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the '@microsoft/fetch-event-source' Node.js package for implementing Server-Sent Events. This is an official package provided by Microsoft, which is a well-known and trusted organization.
- [DATA_EXFILTRATION]: Documents network communication with 'hooks.modularmind.app'. This domain is the official endpoint for the Maia service operated by the skill's author, modularmindlab, and is necessary for the skill's primary functionality of triggering workflows.
- [PROMPT_INJECTION]: The skill describes a system that processes arbitrary data via webhooks, which presents a surface for indirect prompt injection. Evidence: 1. Ingestion points: Webhook response body via SSE stream. 2. Boundary markers: Absent in prompt templates. 3. Capability inventory: Maia provides web browsing, Gmail access, and document generation. 4. Sanitization: No sanitization logic is present in the provided templates. This is noted as a functional characteristic of the integrated service.
- [SAFE]: The core logic of the skill involves providing documentation, prompt templates, and integration examples. No malicious code, obfuscation, or unauthorized credential access was detected within the skill's content.
Audit Metadata